Skip to main content
Blue @ Work

Reporting cyberattacks to Wellmark

Part 2: Taking action

In the unfortunate event of a cyberattack or privacy breach, you must report these occurrences to Wellmark Blue Cross and Blue Shield. Learn more about what to report and when you should report these events.

Reporting cyber incidents to Wellmark

In the event of a privacy breach or security incident, you are required to report the event no later than 10 business days following the discovery. You must provide a written report that includes:

  • The nature and date of the breach, including the date it was discovered
  • The type of protected health information (PHI) that was accessed, used or disclosed and by whom (if known)
  • List the steps taken to correct the problem
  • Any actions taken to mitigate future cyberattacks

A privacy breach is the inappropriate access, use or disclosure of PHI. You should also keep in mind the HIPPA definition of a breach. A security incident may include:

  • Unauthorized access, use, disclosure, modification or destruction of Wellmark’s electronic PHI records OR
  • Unauthorized interference with system operations that contain or provide access to Wellmark’s electronic PHI records 

Take action

If you have any questions or concerns, talk to your authorized Wellmark representative or send an email to Send Email.

Learn more to protect yourself against cybersecurity threats:

Cyberattacks and HIPAA rulesUnderstanding types of cyberattacks
Cyberattacks and HIPAA rules article Understanding types of cyberattacks article